Scanned, removed, still infected

madball2012 · July 20, 2012

Hi Guys,

I appreaciate the help. Pasted the DDS.txt below and attached the Attach log as requested.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Marla at 12:08:37 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.1766 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\Explorer.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Windows\System32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://start.toshiba.com

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [TOSHIBA] rundll32.exe "C:\Users\Marla\AppData\Local\VirtualStore\TOSHIBA\mobydcbg.dll",DllRegisterServer

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

uRun: [softGrid Client] rundll32.exe "C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll",CreateInstance

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BB708CB4-092D-4C68-8549-F4780DD30426} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BB708CB4-092D-4C68-8549-F4780DD30426}\642716A75627 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{BB708CB4-092D-4C68-8549-F4780DD30426}\642716A75627A2 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{DD3FAF15-7FAA-48AB-99B8-5CEAEDFAD6EC} : DhcpNameServer = 50.30.0.51

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120522.001\IDSviA64.sys [2012-5-22 488568]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-20 655944]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-17 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-17 126392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-16 138360]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-10-17 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-23 250056]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-20 16:31:57 -------- d-----w- C:\Users\Marla\AppData\Roaming\Malwarebytes

2012-07-20 16:31:43 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-20 16:31:43 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-20 16:31:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-17 19:11:13 -------- d-----w- C:\Users\Marla\AppData\Local\{9F5EEFF0-8D70-4E85-8A86-021B6DC81EE6}

2012-07-17 19:09:59 -------- d-----w- C:\Users\Marla\AppData\Local\{95A5FFE8-C36D-4E51-B2F2-B11D97B7DBEE}

2012-07-17 19:09:31 -------- d-----w- C:\Users\Marla\AppData\Local\{F02319A9-190C-4007-B9E0-FDC436B32591}

2012-07-17 19:09:31 -------- d-----w- C:\Users\Marla\AppData\Local\{606696E6-927E-41DF-BC1C-3F3180E46AD4}

2012-07-12 17:35:01 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-07-11 19:12:10 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-07-06 04:08:00 -------- d-----w- C:\ProgramData\Toshiba Book Place

2012-06-28 04:20:10 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-06-27 00:11:38 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64DD4E0F-A21B-4A78-9104-BE23E1671D5E}\mpengine.dll

2012-06-23 15:04:24 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-23 15:04:05 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-23 15:03:47 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-23 15:03:47 186752 ----a-w- C:\windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-12 19:49:09 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 19:49:09 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-05-17 03:47:46 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

.

============= FINISH: 12:09:18.86 ===============

Attach.txt

Maurice Naggar · July 20, 2012

Hello madball and welcome to MalwareBytes forums.

I have moved your help-topic here.

You need to give a general description of the problem and just what you had "removed".

Do as much as possible of the following. Copy and paste each report as you go along. and proceed to do all below.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and copy/paste into a reply

Step 4

Please read carefully and follow these steps.

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
If on Windows XP, double-click to start.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
>> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into a reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Step 6

RE-Enable your antivirus program. :excl:

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSITx64.exe to run RSITx64.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
I will need the following logs:

the contents of aswMBR report;
the contents of TDSSKILLER log;
the contents of RKreport.txt log;
the contents of Log.txt;
the contents of Info.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

madball2012 · July 20, 2012

Hi Maurice,

Pasting logs as requested:

Run date: 2012-07-20 14:05:45

-----------------------------

14:05:45.347 OS Version: Windows x64 6.1.7601 Service Pack 1

14:05:45.347 Number of processors: 2 586 0x100

14:05:45.347 ComputerName: MARLA-PC UserName: Marla

14:05:47.277 Initialize success

14:06:39.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:06:39.230 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA60B Size: 476940MB BusType: 11

14:06:39.250 Disk 0 MBR read successfully

14:06:39.250 Disk 0 MBR scan

14:06:39.250 Disk 0 Windows VISTA default MBR code

14:06:39.260 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

14:06:39.270 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460595 MB offset 3074048

14:06:39.300 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14844 MB offset 946372608

14:06:39.330 Disk 0 scanning C:\windows\system32\drivers

14:06:45.170 Service scanning

14:07:07.485 Modules scanning

14:07:07.495 Scan finished successfully

14:07:32.506 Disk 0 MBR has been saved successfully to "C:\Users\Marla\Desktop\Malware scans\MBR.dat"

14:07:32.506 The log file has been saved successfully to "C:\Users\Marla\Desktop\Malware scans\aswMBR.txt"

14:08:33.0696 5104 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

14:08:34.0079 5104 ============================================================

14:08:34.0079 5104 Current date / time: 2012/07/20 14:08:34.0079

14:08:34.0079 5104 SystemInfo:

14:08:34.0079 5104

14:08:34.0080 5104 OS Version: 6.1.7601 ServicePack: 1.0

14:08:34.0080 5104 Product type: Workstation

14:08:34.0080 5104 ComputerName: MARLA-PC

14:08:34.0080 5104 UserName: Marla

14:08:34.0080 5104 Windows directory: C:\windows

14:08:34.0080 5104 System windows directory: C:\windows

14:08:34.0080 5104 Running under WOW64

14:08:34.0080 5104 Processor architecture: Intel x64

14:08:34.0080 5104 Number of processors: 2

14:08:34.0080 5104 Page size: 0x1000

14:08:34.0080 5104 Boot type: Normal boot

14:08:34.0080 5104 ============================================================

14:08:36.0490 5104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:08:36.0503 5104 ============================================================

14:08:36.0503 5104 \Device\Harddisk0\DR0:

14:08:36.0605 5104 MBR partitions:

14:08:36.0605 5104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38399800

14:08:36.0605 5104 ============================================================

14:08:36.0631 5104 C: <-> \Device\Harddisk0\DR0\Partition0

14:08:36.0631 5104 ============================================================

14:08:36.0631 5104 Initialize success

14:08:36.0631 5104 ============================================================

14:08:57.0481 5612 ============================================================

14:08:57.0481 5612 Scan started

14:08:57.0481 5612 Mode: Manual; SigCheck; TDLFS;

14:08:57.0481 5612 ============================================================

14:08:59.0012 5612 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

14:08:59.0114 5612 1394ohci - ok

14:08:59.0173 5612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

14:08:59.0194 5612 ACPI - ok

14:08:59.0214 5612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

14:08:59.0256 5612 AcpiPmi - ok

14:08:59.0404 5612 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:08:59.0424 5612 AdobeFlashPlayerUpdateSvc - ok

14:08:59.0527 5612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

14:08:59.0564 5612 adp94xx - ok

14:08:59.0610 5612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

14:08:59.0634 5612 adpahci - ok

14:08:59.0693 5612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

14:08:59.0731 5612 adpu320 - ok

14:08:59.0769 5612 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

14:08:59.0819 5612 AeLookupSvc - ok

14:08:59.0889 5612 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

14:08:59.0924 5612 AFD - ok

14:08:59.0969 5612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

14:08:59.0984 5612 agp440 - ok

14:09:00.0032 5612 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

14:09:00.0071 5612 ALG - ok

14:09:00.0091 5612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

14:09:00.0105 5612 aliide - ok

14:09:00.0157 5612 AMD External Events Utility (833d43cfbac21365d36cf797377457d9) C:\windows\system32\atiesrxx.exe

14:09:00.0202 5612 AMD External Events Utility - ok

14:09:00.0224 5612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

14:09:00.0237 5612 amdide - ok

14:09:00.0264 5612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

14:09:00.0293 5612 AmdK8 - ok

14:09:00.0863 5612 amdkmdag (fad670b417adccd9c99bc3aa3d754958) C:\windows\system32\DRIVERS\atikmdag.sys

14:09:01.0133 5612 amdkmdag - ok

14:09:01.0263 5612 amdkmdap (f0b63dead17f760dbc85ccd7bf978c05) C:\windows\system32\DRIVERS\atikmpag.sys

14:09:01.0293 5612 amdkmdap - ok

14:09:01.0343 5612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

14:09:01.0373 5612 AmdPPM - ok

14:09:01.0413 5612 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

14:09:01.0423 5612 amdsata - ok

14:09:01.0463 5612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

14:09:01.0483 5612 amdsbs - ok

14:09:01.0523 5612 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

14:09:01.0533 5612 amdxata - ok

14:09:01.0573 5612 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

14:09:01.0633 5612 AppID - ok

14:09:01.0653 5612 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

14:09:01.0703 5612 AppIDSvc - ok

14:09:01.0733 5612 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

14:09:01.0793 5612 Appinfo - ok

14:09:01.0883 5612 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:09:01.0903 5612 Apple Mobile Device - ok

14:09:01.0933 5612 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

14:09:01.0943 5612 arc - ok

14:09:01.0963 5612 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

14:09:01.0973 5612 arcsas - ok

14:09:02.0003 5612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

14:09:02.0063 5612 AsyncMac - ok

14:09:02.0083 5612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

14:09:02.0093 5612 atapi - ok

14:09:02.0153 5612 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\windows\system32\drivers\AtihdW76.sys

14:09:02.0173 5612 AtiHDAudioService - ok

14:09:02.0253 5612 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:09:02.0313 5612 AudioEndpointBuilder - ok

14:09:02.0313 5612 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:09:02.0363 5612 AudioSrv - ok

14:09:02.0403 5612 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

14:09:02.0443 5612 AxInstSV - ok

14:09:02.0513 5612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

14:09:02.0563 5612 b06bdrv - ok

14:09:02.0643 5612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

14:09:02.0673 5612 b57nd60a - ok

14:09:02.0713 5612 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

14:09:02.0743 5612 BDESVC - ok

14:09:02.0783 5612 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

14:09:02.0833 5612 Beep - ok

14:09:03.0053 5612 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys

14:09:03.0093 5612 BHDrvx64 - ok

14:09:03.0183 5612 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

14:09:03.0263 5612 BITS - ok

14:09:03.0313 5612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

14:09:03.0363 5612 blbdrive - ok

14:09:03.0453 5612 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:09:03.0463 5612 Bonjour Service - ok

14:09:03.0523 5612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

14:09:03.0553 5612 bowser - ok

14:09:03.0593 5612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

14:09:03.0623 5612 BrFiltLo - ok

14:09:03.0643 5612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

14:09:03.0653 5612 BrFiltUp - ok

14:09:03.0693 5612 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

14:09:03.0753 5612 Browser - ok

14:09:03.0803 5612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

14:09:03.0843 5612 Brserid - ok

14:09:03.0863 5612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

14:09:03.0893 5612 BrSerWdm - ok

14:09:03.0933 5612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

14:09:03.0963 5612 BrUsbMdm - ok

14:09:03.0983 5612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

14:09:04.0013 5612 BrUsbSer - ok

14:09:04.0053 5612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

14:09:04.0083 5612 BTHMODEM - ok

14:09:04.0123 5612 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

14:09:04.0173 5612 bthserv - ok

14:09:04.0243 5612 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys

14:09:04.0263 5612 ccSet_NIS - ok

14:09:04.0293 5612 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

14:09:04.0343 5612 cdfs - ok

14:09:04.0383 5612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

14:09:04.0413 5612 cdrom - ok

14:09:04.0463 5612 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:09:04.0523 5612 CertPropSvc - ok

14:09:04.0543 5612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

14:09:04.0573 5612 circlass - ok

14:09:04.0624 5612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

14:09:04.0644 5612 CLFS - ok

14:09:04.0734 5612 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:09:04.0754 5612 clr_optimization_v2.0.50727_32 - ok

14:09:04.0814 5612 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:09:04.0824 5612 clr_optimization_v2.0.50727_64 - ok

14:09:04.0894 5612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:09:04.0904 5612 clr_optimization_v4.0.30319_32 - ok

14:09:04.0954 5612 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:09:04.0974 5612 clr_optimization_v4.0.30319_64 - ok

14:09:05.0014 5612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

14:09:05.0034 5612 CmBatt - ok

14:09:05.0044 5612 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

14:09:05.0054 5612 cmdide - ok

14:09:05.0114 5612 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys

14:09:05.0144 5612 CNG - ok

14:09:05.0274 5612 CnxtHdAudService (20506f12afad3db588d007ea9325fbbc) C:\windows\system32\drivers\CHDRT64.sys

14:09:05.0324 5612 CnxtHdAudService - ok

14:09:05.0434 5612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

14:09:05.0454 5612 Compbatt - ok

14:09:05.0494 5612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

14:09:05.0514 5612 CompositeBus - ok

14:09:05.0534 5612 COMSysApp - ok

14:09:05.0564 5612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

14:09:05.0574 5612 crcdisk - ok

14:09:05.0614 5612 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

14:09:05.0634 5612 CryptSvc - ok

14:09:05.0794 5612 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

14:09:05.0834 5612 cvhsvc - ok

14:09:05.0884 5612 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:09:05.0944 5612 DcomLaunch - ok

14:09:05.0994 5612 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

14:09:06.0054 5612 defragsvc - ok

14:09:06.0104 5612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

14:09:06.0154 5612 DfsC - ok

14:09:06.0224 5612 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

14:09:06.0284 5612 Dhcp - ok

14:09:06.0304 5612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

14:09:06.0344 5612 discache - ok

14:09:06.0414 5612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

14:09:06.0424 5612 Disk - ok

14:09:06.0464 5612 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

14:09:06.0514 5612 Dnscache - ok

14:09:06.0564 5612 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

14:09:06.0624 5612 dot3svc - ok

14:09:06.0634 5612 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

14:09:06.0674 5612 DPS - ok

14:09:06.0714 5612 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

14:09:06.0734 5612 drmkaud - ok

14:09:06.0814 5612 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

14:09:06.0854 5612 DXGKrnl - ok

14:09:06.0894 5612 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

14:09:06.0954 5612 EapHost - ok

14:09:07.0174 5612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

14:09:07.0254 5612 ebdrv - ok

14:09:07.0374 5612 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

14:09:07.0404 5612 eeCtrl - ok

14:09:07.0504 5612 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

14:09:07.0534 5612 EFS - ok

14:09:07.0885 5612 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

14:09:07.0925 5612 ehRecvr - ok

14:09:07.0975 5612 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

14:09:07.0985 5612 ehSched - ok

14:09:08.0065 5612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

14:09:08.0095 5612 elxstor - ok

14:09:08.0205 5612 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:09:08.0215 5612 EraserUtilRebootDrv - ok

14:09:08.0225 5612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

14:09:08.0255 5612 ErrDev - ok

14:09:08.0325 5612 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

14:09:08.0375 5612 EventSystem - ok

14:09:08.0415 5612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

14:09:08.0455 5612 exfat - ok

14:09:08.0475 5612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

14:09:08.0525 5612 fastfat - ok

14:09:08.0605 5612 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

14:09:08.0655 5612 Fax - ok

14:09:08.0685 5612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

14:09:08.0715 5612 fdc - ok

14:09:08.0745 5612 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

14:09:08.0785 5612 fdPHost - ok

14:09:08.0795 5612 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

14:09:08.0845 5612 FDResPub - ok

14:09:08.0865 5612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

14:09:08.0875 5612 FileInfo - ok

14:09:08.0905 5612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

14:09:08.0965 5612 Filetrace - ok

14:09:08.0985 5612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

14:09:08.0995 5612 flpydisk - ok

14:09:09.0045 5612 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

14:09:09.0065 5612 FltMgr - ok

14:09:09.0165 5612 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

14:09:09.0215 5612 FontCache - ok

14:09:09.0285 5612 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:09:09.0305 5612 FontCache3.0.0.0 - ok

14:09:09.0355 5612 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

14:09:09.0365 5612 FsDepends - ok

14:09:09.0405 5612 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

14:09:09.0415 5612 Fs_Rec - ok

14:09:09.0465 5612 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

14:09:09.0485 5612 fvevol - ok

14:09:09.0545 5612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

14:09:09.0555 5612 gagp30kx - ok

14:09:09.0635 5612 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

14:09:09.0655 5612 GamesAppService - ok

14:09:09.0685 5612 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

14:09:09.0695 5612 GEARAspiWDM - ok

14:09:09.0755 5612 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

14:09:09.0815 5612 gpsvc - ok

14:09:09.0895 5612 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:09:09.0905 5612 gupdate - ok

14:09:09.0925 5612 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:09:09.0935 5612 gupdatem - ok

14:09:09.0965 5612 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

14:09:09.0975 5612 gusvc - ok

14:09:10.0005 5612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

14:09:10.0045 5612 hcw85cir - ok

14:09:10.0095 5612 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

14:09:10.0135 5612 HdAudAddService - ok

14:09:10.0175 5612 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

14:09:10.0205 5612 HDAudBus - ok

14:09:10.0225 5612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

14:09:10.0245 5612 HidBatt - ok

14:09:10.0270 5612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

14:09:10.0300 5612 HidBth - ok

14:09:10.0330 5612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

14:09:10.0350 5612 HidIr - ok

14:09:10.0377 5612 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

14:09:10.0427 5612 hidserv - ok

14:09:10.0472 5612 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

14:09:10.0487 5612 HidUsb - ok

14:09:10.0522 5612 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

14:09:10.0572 5612 hkmsvc - ok

14:09:10.0617 5612 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

14:09:10.0660 5612 HomeGroupListener - ok

14:09:10.0696 5612 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

14:09:10.0720 5612 HomeGroupProvider - ok

14:09:10.0769 5612 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

14:09:10.0784 5612 HpSAMD - ok

14:09:10.0840 5612 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

14:09:10.0901 5612 HTTP - ok

14:09:10.0926 5612 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

14:09:10.0940 5612 hwpolicy - ok

14:09:10.0980 5612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

14:09:10.0996 5612 i8042prt - ok

14:09:11.0064 5612 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

14:09:11.0086 5612 iaStorV - ok

14:09:11.0193 5612 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

14:09:11.0213 5612 IDriverT ( UnsignedFile.Multi.Generic ) - warning

14:09:11.0213 5612 IDriverT - detected UnsignedFile.Multi.Generic (1)

14:09:11.0378 5612 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:09:11.0408 5612 idsvc - ok

14:09:11.0608 5612 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120522.001\IDSvia64.sys

14:09:11.0631 5612 IDSVia64 - ok

14:09:11.0719 5612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

14:09:11.0732 5612 iirsp - ok

14:09:11.0829 5612 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

14:09:11.0897 5612 IKEEXT - ok

14:09:11.0938 5612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

14:09:11.0952 5612 intelide - ok

14:09:11.0978 5612 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys

14:09:12.0000 5612 intelppm - ok

14:09:12.0032 5612 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

14:09:12.0083 5612 IPBusEnum - ok

14:09:12.0098 5612 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

14:09:12.0136 5612 IpFilterDriver - ok

14:09:12.0157 5612 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

14:09:12.0187 5612 IPMIDRV - ok

14:09:12.0230 5612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

14:09:12.0285 5612 IPNAT - ok

14:09:12.0388 5612 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

14:09:12.0419 5612 iPod Service - ok

14:09:12.0460 5612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

14:09:12.0479 5612 IRENUM - ok

14:09:12.0499 5612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

14:09:12.0513 5612 isapnp - ok

14:09:12.0539 5612 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

14:09:12.0558 5612 iScsiPrt - ok

14:09:12.0584 5612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

14:09:12.0598 5612 kbdclass - ok

14:09:12.0628 5612 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

14:09:12.0657 5612 kbdhid - ok

14:09:12.0685 5612 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:09:12.0701 5612 KeyIso - ok

14:09:12.0739 5612 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys

14:09:12.0756 5612 KSecDD - ok

14:09:12.0800 5612 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys

14:09:12.0819 5612 KSecPkg - ok

14:09:12.0859 5612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

14:09:12.0913 5612 ksthunk - ok

14:09:13.0130 5612 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

14:09:13.0218 5612 KtmRm - ok

14:09:13.0251 5612 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys

14:09:13.0266 5612 L1C - ok

14:09:13.0316 5612 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

14:09:13.0371 5612 LanmanServer - ok

14:09:13.0401 5612 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

14:09:13.0451 5612 LanmanWorkstation - ok

14:09:13.0516 5612 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

14:09:13.0576 5612 lltdio - ok

14:09:13.0696 5612 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

14:09:13.0761 5612 lltdsvc - ok

14:09:13.0781 5612 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

14:09:13.0821 5612 lmhosts - ok

14:09:13.0866 5612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

14:09:13.0881 5612 LSI_FC - ok

14:09:13.0896 5612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

14:09:13.0911 5612 LSI_SAS - ok

14:09:13.0926 5612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

14:09:13.0941 5612 LSI_SAS2 - ok

14:09:13.0961 5612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

14:09:13.0978 5612 LSI_SCSI - ok

14:09:14.0001 5612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

14:09:14.0048 5612 luafv - ok

14:09:14.0088 5612 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys

14:09:14.0103 5612 MBAMProtector - ok

14:09:14.0191 5612 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:09:14.0215 5612 MBAMService - ok

14:09:14.0259 5612 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

14:09:14.0274 5612 Mcx2Svc - ok

14:09:14.0304 5612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

14:09:14.0318 5612 megasas - ok

14:09:14.0360 5612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

14:09:14.0384 5612 MegaSR - ok

14:09:14.0426 5612 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:09:14.0478 5612 MMCSS - ok

14:09:14.0515 5612 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

14:09:14.0568 5612 Modem - ok

14:09:14.0591 5612 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

14:09:14.0623 5612 monitor - ok

14:09:14.0669 5612 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

14:09:14.0684 5612 mouclass - ok

14:09:14.0722 5612 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys

14:09:14.0753 5612 mouhid - ok

14:09:14.0788 5612 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

14:09:14.0804 5612 mountmgr - ok

14:09:14.0825 5612 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

14:09:14.0842 5612 mpio - ok

14:09:14.0875 5612 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

14:09:14.0914 5612 mpsdrv - ok

14:09:14.0934 5612 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

14:09:14.0969 5612 MRxDAV - ok

14:09:14.0987 5612 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

14:09:15.0019 5612 mrxsmb - ok

14:09:15.0062 5612 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

14:09:15.0085 5612 mrxsmb10 - ok

14:09:15.0117 5612 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

14:09:15.0137 5612 mrxsmb20 - ok

14:09:15.0155 5612 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

14:09:15.0168 5612 msahci - ok

14:09:15.0177 5612 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

14:09:15.0193 5612 msdsm - ok

14:09:15.0226 5612 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

14:09:15.0259 5612 MSDTC - ok

14:09:15.0303 5612 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

14:09:15.0342 5612 Msfs - ok

14:09:15.0380 5612 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

14:09:15.0427 5612 mshidkmdf - ok

14:09:15.0446 5612 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

14:09:15.0459 5612 msisadrv - ok

14:09:15.0511 5612 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

14:09:15.0571 5612 MSiSCSI - ok

14:09:15.0575 5612 msiserver - ok

14:09:15.0620 5612 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

14:09:15.0659 5612 MSKSSRV - ok

14:09:15.0671 5612 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

14:09:15.0717 5612 MSPCLOCK - ok

14:09:15.0745 5612 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

14:09:15.0798 5612 MSPQM - ok

14:09:15.0839 5612 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

14:09:15.0863 5612 MsRPC - ok

14:09:15.0886 5612 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

14:09:15.0900 5612 mssmbios - ok

14:09:15.0938 5612 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

14:09:16.0000 5612 MSTEE - ok

14:09:16.0012 5612 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

14:09:16.0031 5612 MTConfig - ok

14:09:16.0053 5612 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

14:09:16.0067 5612 Mup - ok

14:09:16.0133 5612 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

14:09:16.0199 5612 napagent - ok

14:09:16.0266 5612 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

14:09:16.0297 5612 NativeWifiP - ok

14:09:16.0413 5612 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS

14:09:16.0428 5612 NAVENG - ok

14:09:16.0547 5612 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS

14:09:16.0605 5612 NAVEX15 - ok

14:09:16.0794 5612 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

14:09:16.0844 5612 NDIS - ok

14:09:16.0874 5612 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

14:09:16.0923 5612 NdisCap - ok

14:09:16.0957 5612 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

14:09:16.0998 5612 NdisTapi - ok

14:09:17.0007 5612 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

14:09:17.0052 5612 Ndisuio - ok

14:09:17.0091 5612 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

14:09:17.0142 5612 NdisWan - ok

14:09:17.0162 5612 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

14:09:17.0199 5612 NDProxy - ok

14:09:17.0215 5612 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

14:09:17.0266 5612 NetBIOS - ok

14:09:17.0292 5612 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

14:09:17.0334 5612 NetBT - ok

14:09:17.0374 5612 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:09:17.0387 5612 Netlogon - ok

14:09:17.0454 5612 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

14:09:17.0517 5612 Netman - ok

14:09:17.0558 5612 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

14:09:17.0613 5612 netprofm - ok

14:09:17.0699 5612 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:09:17.0718 5612 NetTcpPortSharing - ok

14:09:17.0760 5612 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

14:09:17.0776 5612 nfrd960 - ok

14:09:17.0871 5612 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

14:09:17.0884 5612 NIS - ok

14:09:17.0935 5612 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

14:09:17.0986 5612 NlaSvc - ok

14:09:18.0015 5612 Norton PC Checkup Application Launcher - ok

14:09:18.0047 5612 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

14:09:18.0088 5612 Npfs - ok

14:09:18.0161 5612 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

14:09:18.0262 5612 nsi - ok

14:09:18.0348 5612 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

14:09:18.0428 5612 nsiproxy - ok

14:09:18.0566 5612 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

14:09:18.0616 5612 Ntfs - ok

14:09:18.0719 5612 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

14:09:18.0762 5612 Null - ok

14:09:18.0784 5612 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

14:09:18.0799 5612 nvraid - ok

14:09:18.0814 5612 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

14:09:18.0829 5612 nvstor - ok

14:09:18.0862 5612 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

14:09:18.0877 5612 nv_agp - ok

14:09:18.0884 5612 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

14:09:18.0904 5612 ohci1394 - ok

14:09:18.0983 5612 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:09:18.0998 5612 ose - ok

14:09:19.0337 5612 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:09:19.0523 5612 osppsvc - ok

14:09:19.0688 5612 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:09:19.0731 5612 p2pimsvc - ok

14:09:19.0791 5612 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

14:09:19.0812 5612 p2psvc - ok

14:09:19.0868 5612 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

14:09:19.0886 5612 Parport - ok

14:09:19.0919 5612 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

14:09:19.0934 5612 partmgr - ok

14:09:19.0974 5612 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

14:09:20.0007 5612 PcaSvc - ok

14:09:20.0083 5612 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

14:09:20.0108 5612 PCCUJobMgr - ok

14:09:20.0144 5612 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

14:09:20.0164 5612 pci - ok

14:09:20.0178 5612 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

14:09:20.0192 5612 pciide - ok

14:09:20.0216 5612 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

14:09:20.0236 5612 pcmcia - ok

14:09:20.0269 5612 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

14:09:20.0283 5612 pcw - ok

14:09:20.0336 5612 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

14:09:20.0399 5612 PEAUTH - ok

14:09:20.0491 5612 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

14:09:20.0517 5612 PerfHost - ok

14:09:20.0570 5612 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys

14:09:20.0582 5612 PGEffect - ok

14:09:20.0676 5612 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

14:09:20.0752 5612 pla - ok

14:09:20.0819 5612 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

14:09:20.0865 5612 PlugPlay - ok

14:09:20.0884 5612 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

14:09:20.0910 5612 PNRPAutoReg - ok

14:09:20.0946 5612 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:09:20.0964 5612 PNRPsvc - ok

14:09:21.0019 5612 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

14:09:21.0074 5612 PolicyAgent - ok

14:09:21.0120 5612 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

14:09:21.0176 5612 Power - ok

14:09:21.0241 5612 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

14:09:21.0293 5612 PptpMiniport - ok

14:09:21.0312 5612 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

14:09:21.0335 5612 Processor - ok

14:09:21.0379 5612 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

14:09:21.0417 5612 ProfSvc - ok

14:09:21.0445 5612 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:09:21.0469 5612 ProtectedStorage - ok

14:09:21.0534 5612 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

14:09:21.0588 5612 Psched - ok

14:09:21.0646 5612 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

14:09:21.0674 5612 QIOMem - ok

14:09:21.0782 5612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

14:09:21.0834 5612 ql2300 - ok

14:09:21.0938 5612 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

14:09:21.0975 5612 ql40xx - ok

14:09:22.0021 5612 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

14:09:22.0050 5612 QWAVE - ok

14:09:22.0067 5612 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

14:09:22.0103 5612 QWAVEdrv - ok

14:09:22.0134 5612 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

14:09:22.0183 5612 RasAcd - ok

14:09:22.0228 5612 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

14:09:22.0267 5612 RasAgileVpn - ok

14:09:22.0289 5612 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

14:09:22.0336 5612 RasAuto - ok

14:09:22.0376 5612 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

14:09:22.0417 5612 Rasl2tp - ok

14:09:22.0463 5612 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

14:09:22.0510 5612 RasMan - ok

14:09:22.0566 5612 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

14:09:22.0625 5612 RasPppoe - ok

14:09:22.0649 5612 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

14:09:22.0702 5612 RasSstp - ok

14:09:22.0762 5612 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

14:09:22.0821 5612 rdbss - ok

14:09:22.0834 5612 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

14:09:22.0853 5612 rdpbus - ok

14:09:22.0873 5612 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

14:09:22.0920 5612 RDPCDD - ok

14:09:22.0945 5612 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

14:09:22.0995 5612 RDPENCDD - ok

14:09:23.0015 5612 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

14:09:23.0055 5612 RDPREFMP - ok

14:09:23.0090 5612 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

14:09:23.0115 5612 RDPWD - ok

14:09:23.0165 5612 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

14:09:23.0185 5612 rdyboost - ok

14:09:23.0230 5612 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

14:09:23.0285 5612 RemoteAccess - ok

14:09:23.0325 5612 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

14:09:23.0365 5612 RemoteRegistry - ok

14:09:23.0380 5612 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

14:09:23.0485 5612 RpcEptMapper - ok

14:09:23.0590 5612 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

14:09:23.0655 5612 RpcLocator - ok

14:09:23.0725 5612 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:09:23.0784 5612 RpcSs - ok

14:09:23.0825 5612 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

14:09:23.0878 5612 rspndr - ok

14:09:23.0940 5612 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys

14:09:23.0956 5612 RSUSBSTOR - ok

14:09:23.0977 5612 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys

14:09:23.0994 5612 RSUSBVSTOR - ok

14:09:24.0080 5612 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys

14:09:24.0121 5612 RTL8192Ce - ok

14:09:24.0141 5612 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:09:24.0155 5612 SamSs - ok

14:09:24.0180 5612 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

14:09:24.0196 5612 sbp2port - ok

14:09:24.0240 5612 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

14:09:24.0284 5612 SCardSvr - ok

14:09:24.0297 5612 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

14:09:24.0343 5612 scfilter - ok

14:09:24.0429 5612 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

14:09:24.0529 5612 Schedule - ok

14:09:24.0569 5612 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:09:24.0608 5612 SCPolicySvc - ok

14:09:24.0645 5612 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

14:09:24.0680 5612 SDRSVC - ok

14:09:24.0745 5612 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

14:09:24.0789 5612 secdrv - ok

14:09:24.0815 5612 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

14:09:24.0854 5612 seclogon - ok

14:09:24.0868 5612 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

14:09:24.0920 5612 SENS - ok

14:09:24.0948 5612 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

14:09:24.0983 5612 SensrSvc - ok

14:09:25.0011 5612 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

14:09:25.0036 5612 Serenum - ok

14:09:25.0066 5612 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

14:09:25.0090 5612 Serial - ok

14:09:25.0122 5612 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

14:09:25.0153 5612 sermouse - ok

14:09:25.0203 5612 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

14:09:25.0256 5612 SessionEnv - ok

14:09:25.0276 5612 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

14:09:25.0306 5612 sffdisk - ok

14:09:25.0324 5612 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

14:09:25.0351 5612 sffp_mmc - ok

14:09:25.0364 5612 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

14:09:25.0392 5612 sffp_sd - ok

14:09:25.0412 5612 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

14:09:25.0440 5612 sfloppy - ok

14:09:25.0537 5612 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

14:09:25.0565 5612 Sftfs - ok

14:09:25.0657 5612 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

14:09:25.0686 5612 sftlist - ok

14:09:25.0711 5612 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

14:09:25.0728 5612 Sftplay - ok

14:09:25.0743 5612 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

14:09:25.0754 5612 Sftredir - ok

14:09:25.0787 5612 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

14:09:25.0799 5612 Sftvol - ok

14:09:25.0838 5612 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

14:09:25.0855 5612 sftvsa - ok

14:09:25.0908 5612 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

14:09:25.0960 5612 ShellHWDetection - ok

14:09:26.0008 5612 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

14:09:26.0022 5612 SiSRaid2 - ok

14:09:26.0042 5612 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

14:09:26.0057 5612 SiSRaid4 - ok

14:09:26.0076 5612 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

14:09:26.0129 5612 Smb - ok

14:09:26.0172 5612 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

14:09:26.0192 5612 SNMPTRAP - ok

14:09:26.0212 5612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

14:09:26.0232 5612 spldr - ok

14:09:26.0292 5612 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

14:09:26.0342 5612 Spooler - ok

14:09:26.0552 5612 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

14:09:26.0662 5612 sppsvc - ok

14:09:26.0782 5612 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

14:09:26.0822 5612 sppuinotify - ok

14:09:26.0942 5612 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

14:09:26.0972 5612 SRTSP - ok

14:09:26.0992 5612 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

14:09:27.0002 5612 SRTSPX - ok

14:09:27.0062 5612 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

14:09:27.0092 5612 srv - ok

14:09:27.0132 5612 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

14:09:27.0172 5612 srv2 - ok

14:09:27.0232 5612 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS

14:09:27.0252 5612 SrvHsfHDA - ok

14:09:27.0352 5612 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS

14:09:27.0402 5612 SrvHsfV92 - ok

14:09:27.0572 5612 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS

14:09:27.0602 5612 SrvHsfWinac - ok

14:09:27.0622 5612 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

14:09:27.0632 5612 srvnet - ok

14:09:27.0692 5612 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

14:09:27.0762 5612 SSDPSRV - ok

14:09:27.0782 5612 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

14:09:27.0822 5612 SstpSvc - ok

14:09:27.0862 5612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

14:09:27.0872 5612 stexstor - ok

14:09:27.0952 5612 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

14:09:27.0992 5612 stisvc - ok

14:09:28.0022 5612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

14:09:28.0032 5612 swenum - ok

14:09:28.0102 5612 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

14:09:28.0162 5612 swprv - ok

14:09:28.0242 5612 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

14:09:28.0262 5612 SymDS - ok

14:09:28.0342 5612 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

14:09:28.0382 5612 SymEFA - ok

14:09:28.0422 5612 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

14:09:28.0432 5612 SymEvent - ok

14:09:28.0472 5612 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

14:09:28.0492 5612 SymIRON - ok

14:09:28.0542 5612 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS

14:09:28.0572 5612 SymNetS - ok

14:09:28.0732 5612 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys

14:09:28.0772 5612 SynTP - ok

14:09:28.0972 5612 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

14:09:29.0042 5612 SysMain - ok

14:09:29.0152 5612 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

14:09:29.0202 5612 TabletInputService - ok

14:09:29.0242 5612 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

14:09:29.0312 5612 TapiSrv - ok

14:09:29.0332 5612 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

14:09:29.0382 5612 TBS - ok

14:09:29.0552 5612 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

14:09:29.0612 5612 Tcpip - ok

14:09:29.0822 5612 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

14:09:29.0872 5612 TCPIP6 - ok

14:09:29.0992 5612 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

14:09:30.0062 5612 tcpipreg - ok

14:09:30.0112 5612 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

14:09:30.0122 5612 tdcmdpst - ok

14:09:30.0152 5612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

14:09:30.0182 5612 TDPIPE - ok

14:09:30.0212 5612 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

14:09:30.0242 5612 TDTCP - ok

14:09:30.0282 5612 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

14:09:30.0322 5612 tdx - ok

14:09:30.0362 5612 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

14:09:30.0372 5612 TermDD - ok

14:09:30.0442 5612 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

14:09:30.0512 5612 TermService - ok

14:09:30.0542 5612 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

14:09:30.0562 5612 Themes - ok

14:09:30.0602 5612 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:09:30.0642 5612 THREADORDER - ok

14:09:30.0722 5612 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

14:09:30.0742 5612 TMachInfo - ok

14:09:30.0772 5612 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe

14:09:30.0782 5612 TODDSrv - ok

14:09:30.0912 5612 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

14:09:30.0942 5612 TosCoSrv - ok

14:09:31.0012 5612 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe

14:09:31.0032 5612 TOSHIBA eco Utility Service - ok

14:09:31.0092 5612 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

14:09:31.0112 5612 TOSHIBA HDD SSD Alert Service - ok

14:09:31.0202 5612 TPCHSrv (d788190624c617ec8be62d9f644283d7) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

14:09:31.0222 5612 TPCHSrv - ok

14:09:31.0342 5612 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

14:09:31.0392 5612 TrkWks - ok

14:09:31.0452 5612 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

14:09:31.0502 5612 TrustedInstaller - ok

14:09:31.0572 5612 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

14:09:31.0622 5612 tssecsrv - ok

14:09:31.0632 5612 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

14:09:31.0662 5612 TsUsbFlt - ok

14:09:31.0702 5612 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

14:09:31.0732 5612 TsUsbGD - ok

14:09:31.0792 5612 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

14:09:31.0852 5612 tunnel - ok

14:09:31.0902 5612 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

14:09:31.0912 5612 TVALZ - ok

14:09:31.0932 5612 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

14:09:31.0942 5612 TVALZFL - ok

14:09:31.0982 5612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

14:09:31.0992 5612 uagp35 - ok

14:09:32.0032 5612 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

14:09:32.0082 5612 udfs - ok

14:09:32.0132 5612 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

14:09:32.0142 5612 UI0Detect - ok

14:09:32.0172 5612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

14:09:32.0192 5612 uliagpkx - ok

14:09:32.0222 5612 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

14:09:32.0252 5612 umbus - ok

14:09:32.0282 5612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

14:09:32.0312 5612 UmPass - ok

14:09:32.0352 5612 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

14:09:32.0412 5612 upnphost - ok

14:09:32.0452 5612 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys

14:09:32.0492 5612 USBAAPL64 - ok

14:09:32.0532 5612 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

14:09:32.0552 5612 usbccgp - ok

14:09:32.0592 5612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

14:09:32.0612 5612 usbcir - ok

14:09:32.0642 5612 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

14:09:32.0672 5612 usbehci - ok

14:09:32.0732 5612 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

14:09:32.0762 5612 usbhub - ok

14:09:32.0782 5612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

14:09:32.0802 5612 usbohci - ok

14:09:32.0822 5612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

14:09:32.0852 5612 usbprint - ok

14:09:32.0872 5612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

14:09:32.0892 5612 USBSTOR - ok

14:09:32.0922 5612 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

14:09:32.0942 5612 usbuhci - ok

14:09:32.0982 5612 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

14:09:33.0002 5612 usbvideo - ok

14:09:33.0032 5612 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

14:09:33.0092 5612 UxSms - ok

14:09:33.0112 5612 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:09:33.0132 5612 VaultSvc - ok

14:09:33.0172 5612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

14:09:33.0192 5612 vdrvroot - ok

14:09:33.0252 5612 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

14:09:33.0302 5612 vds - ok

14:09:33.0342 5612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

14:09:33.0352 5612 vga - ok

14:09:33.0362 5612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

14:09:33.0412 5612 VgaSave - ok

14:09:33.0432 5612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

14:09:33.0452 5612 vhdmp - ok

14:09:33.0492 5612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

14:09:33.0502 5612 viaide - ok

14:09:33.0552 5612 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

14:09:33.0562 5612 volmgr - ok

14:09:33.0622 5612 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

14:09:33.0652 5612 volmgrx - ok

14:09:33.0952 5612 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

14:09:33.0992 5612 volsnap - ok

14:09:34.0022 5612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

14:09:34.0042 5612 vsmraid - ok

14:09:34.0172 5612 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

14:09:34.0242 5612 VSS - ok

14:09:34.0352 5612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

14:09:34.0392 5612 vwifibus - ok

14:09:34.0412 5612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

14:09:34.0432 5612 vwififlt - ok

14:09:34.0482 5612 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

14:09:34.0532 5612 W32Time - ok

14:09:34.0562 5612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

14:09:34.0582 5612 WacomPen - ok

14:09:34.0622 5612 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:09:34.0672 5612 WANARP - ok

14:09:34.0672 5612 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:09:34.0712 5612 Wanarpv6 - ok

14:09:34.0842 5612 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

14:09:34.0882 5612 WatAdminSvc - ok

14:09:35.0012 5612 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

14:09:35.0072 5612 wbengine - ok

14:09:35.0182 5612 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

14:09:35.0212 5612 WbioSrvc - ok

14:09:35.0252 5612 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

14:09:35.0292 5612 wcncsvc - ok

14:09:35.0332 5612 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

14:09:35.0352 5612 WcsPlugInService - ok

14:09:35.0412 5612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

14:09:35.0422 5612 Wd - ok

14:09:35.0502 5612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

14:09:35.0542 5612 Wdf01000 - ok

14:09:35.0562 5612 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:09:35.0662 5612 WdiServiceHost - ok

14:09:35.0672 5612 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:09:35.0692 5612 WdiSystemHost - ok

14:09:35.0733 5612 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

14:09:35.0773 5612 WebClient - ok

14:09:35.0793 5612 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

14:09:35.0853 5612 Wecsvc - ok

14:09:35.0893 5612 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

14:09:35.0933 5612 wercplsupport - ok

14:09:35.0973 5612 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

14:09:36.0023 5612 WerSvc - ok

14:09:36.0083 5612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

14:09:36.0153 5612 WfpLwf - ok

14:09:36.0153 5612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

14:09:36.0173 5612 WIMMount - ok

14:09:36.0173 5612 WinHttpAutoProxySvc - ok

14:09:36.0253 5612 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

14:09:36.0303 5612 Winmgmt - ok

14:09:36.0443 5612 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

14:09:36.0523 5612 WinRM - ok

14:09:36.0663 5612 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

14:09:36.0693 5612 WinUsb - ok

14:09:36.0773 5612 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

14:09:36.0823 5612 Wlansvc - ok

14:09:36.0913 5612 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:09:36.0933 5612 wlcrasvc - ok

14:09:37.0143 5612 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:09:37.0193 5612 wlidsvc - ok

14:09:37.0313 5612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

14:09:37.0338 5612 WmiAcpi - ok

14:09:37.0408 5612 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

14:09:37.0443 5612 wmiApSrv - ok

14:09:37.0563 5612 WMPNetworkSvc - ok

14:09:37.0588 5612 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

14:09:37.0618 5612 WPCSvc - ok

14:09:37.0643 5612 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

14:09:37.0658 5612 WPDBusEnum - ok

14:09:37.0688 5612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

14:09:37.0728 5612 ws2ifsl - ok

14:09:37.0728 5612 WSearch - ok

14:09:37.0891 5612 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

14:09:37.0959 5612 wuauserv - ok

14:09:38.0079 5612 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

14:09:38.0132 5612 WudfPf - ok

14:09:38.0172 5612 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

14:09:38.0227 5612 WUDFRd - ok

14:09:38.0263 5612 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

14:09:38.0303 5612 wudfsvc - ok

14:09:38.0333 5612 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

14:09:38.0370 5612 WwanSvc - ok

14:09:38.0405 5612 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

14:09:38.0659 5612 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:09:38.0659 5612 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:09:38.0671 5612 Boot (0x1200) (e298610129053b4a8fb1132f51d8c6df) \Device\Harddisk0\DR0\Partition0

14:09:38.0672 5612 \Device\Harddisk0\DR0\Partition0 - ok

14:09:38.0673 5612 ============================================================

14:09:38.0673 5612 Scan finished

14:09:38.0673 5612 ============================================================

14:09:38.0691 5604 Detected object count: 2

14:09:38.0691 5604 Actual detected object count: 2

14:10:21.0378 5604 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:21.0378 5604 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:21.0380 5604 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:10:21.0380 5604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Marla [Admin rights]

Mode: Scan -- Date: 07/20/2012 14:13:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[bLACKLIST DLL] HKCU\[...]\Run : TOSHIBA (rundll32.exe "C:\Users\Marla\AppData\Local\VirtualStore\TOSHIBA\mobydcbg.dll",DllRegisterServer) -> FOUND

[bLACKLIST DLL] HKCU\[...]\Run : SoftGrid Client (rundll32.exe "C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll",CreateInstance) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-21-4166542326-1819161419-857915492-1000[...]\Run : TOSHIBA (rundll32.exe "C:\Users\Marla\AppData\Local\VirtualStore\TOSHIBA\mobydcbg.dll",DllRegisterServer) -> FOUND

[bLACKLIST DLL] HKUS\S-1-5-21-4166542326-1819161419-857915492-1000[...]\Run : SoftGrid Client (rundll32.exe "C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll",CreateInstance) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Marla\AppData\Local\{c1883de9-b844-7330-c23e-b138314364c3}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{c1883de9-b844-7330-c23e-b138314364c3}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{c1883de9-b844-7330-c23e-b138314364c3}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{c1883de9-b844-7330-c23e-b138314364c3}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\marla\appdata\local\{c1883de9-b844-7330-c23e-b138314364c3}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\marla\appdata\local\{c1883de9-b844-7330-c23e-b138314364c3}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\marla\appdata\local\{c1883de9-b844-7330-c23e-b138314364c3}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++

--- User ---

[MBR] e81ed140307717b136fd67bcd77d38e6

[bSP] 1bbd35d2cd1aa566596c3c3a36ec36cf : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 460595 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 946372608 | Size: 14844 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

madball2012 · July 20, 2012

Logfile of random's system information tool 1.09 (written by random/random)

Run by Marla at 2012-07-20 14:26:04

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 419 GB (91%) free of 461 GB

Total RAM: 3559 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:26:11 PM, on 7/20/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Marla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O3 - Toolbar: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TOSHIBA] rundll32.exe "C:\Users\Marla\AppData\Local\VirtualStore\TOSHIBA\mobydcbg.dll",DllRegisterServer

O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

O4 - HKCU\..\Run: [softGrid Client] rundll32.exe "C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll",CreateInstance

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12423 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

winlogon.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

atieclxx

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

"taskhost.exe"

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1

"C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /c /a /s UserSession2

"C:\windows\system32\Dwm.exe"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

WLIDSvcM.exe 2268

"C:\Program Files\TOSHIBA\TECO\TecoService.exe"

C:\windows\Explorer.EXE

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /c /a /s UserSession

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

"C:\Program Files\Toshiba\Power Saver\TPwrMain.exe"

"C:\Program Files\Toshiba\FlashCards\TCrdMain.exe"

"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\Toshiba\TECO\Teco.exe" /r

"C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"

"C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe"

"C:\Program Files (x86)\ooVoo\ooVoo.exe" /minimized

"C:\Windows\System32\rundll32.exe" "C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll",CreateInstance

"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

"C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe"

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"C:\Program Files\iPod\bin\iPodService.exe"

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\windows\system32\SearchIndexer.exe /Embedding

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe" /s

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"

"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"

taskeng.exe {BC0C0D22-50F1-4C90-9A33-84283D0B996B}

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -Embedding

C:\windows\system32\wbem\wmiprvse.exe

"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2580 CREDAT:203009

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2580 CREDAT:334081

"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe19_ Global\UsGthrCtrlFltPipeMssGthrPipe19 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\Marla\Desktop\RSITx64.exe"

"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

C:\windows\tasks\GoogleUpdateTaskMachineCore.job

C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-05-16 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12 700800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL [2012-03-28 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-05-16 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

ooVoo toolbar, powered by Ask.com - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12 534400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-05-16 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll [2012-05-09 502200]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-05-16 192112]

{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-05-09 176936]

{D4027C7F-154A-4066-A1AD-4243D8127440} - ooVoo toolbar, powered by Ask.com - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-05-17 590256]

"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]

"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2011-04-27 972672]

"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-03-24 310912]

"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-06-30 562304]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592]

"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-05-24 1544624]

"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-06-27 712096]

"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-06-09 710560]

"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]

"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-04-23 595816]

"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-03-30 38304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-10-17 39408]

"TOSHIBA"=C:\Users\Marla\AppData\Local\VirtualStore\TOSHIBA\mobydcbg.dll,DllRegisterServer []

"ooVoo.exe"=C:\Program Files (x86)\ooVoo\oovoo.exe [2012-05-29 25249400]

"SoftGrid Client"=C:\Users\Marla\AppData\Local\Temp\SoftGrid Client\wsnznsv.dll [2012-07-12 665088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-26 336384]

"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-11 1298816]

"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792]

"NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2011-06-22 3218864]

"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-03-27 421736]

""= []

"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-05-04 1561768]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

C:\Users\Marla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-20 14:26:04 ----D---- C:\rsit

2012-07-20 14:26:04 ----D---- C:\Program Files\trend micro

2012-07-20 14:08:33 ----A---- C:\TDSSKiller.2.7.46.0_20.07.2012_14.08.33_log.txt

2012-07-20 14:01:36 ----D---- C:\windows\ERDNT

2012-07-20 14:01:01 ----D---- C:\Program Files (x86)\ERUNT

2012-07-20 10:12:26 ----A---- C:\windows\ntbtlog.txt

2012-07-20 09:31:57 ----D---- C:\Users\Marla\AppData\Roaming\Malwarebytes

2012-07-20 09:31:43 ----D---- C:\ProgramData\Malwarebytes

2012-07-20 09:31:43 ----A---- C:\windows\system32\drivers\mbam.sys

2012-07-20 09:31:42 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 10:35:01 ----A---- C:\windows\system32\win32k.sys

2012-07-12 10:33:47 ----A---- C:\windows\system32\MRT.INI

2012-07-12 10:29:52 ----A---- C:\windows\SYSWOW64\mshtmled.dll

2012-07-12 10:29:52 ----A---- C:\windows\system32\mshtmled.dll

2012-07-12 10:29:51 ----A---- C:\windows\SYSWOW64\url.dll

2012-07-12 10:29:51 ----A---- C:\windows\system32\url.dll

2012-07-12 10:29:50 ----A---- C:\windows\SYSWOW64\urlmon.dll

2012-07-12 10:29:50 ----A---- C:\windows\SYSWOW64\ieui.dll

2012-07-12 10:29:50 ----A---- C:\windows\SYSWOW64\iertutil.dll

2012-07-12 10:29:50 ----A---- C:\windows\system32\urlmon.dll

2012-07-12 10:29:50 ----A---- C:\windows\system32\ieui.dll

2012-07-12 10:29:50 ----A---- C:\windows\system32\iertutil.dll

2012-07-12 10:29:49 ----A---- C:\windows\SYSWOW64\wininet.dll

2012-07-12 10:29:49 ----A---- C:\windows\SYSWOW64\ieUnatt.exe

2012-07-12 10:29:49 ----A---- C:\windows\system32\ieUnatt.exe

2012-07-12 10:29:48 ----A---- C:\windows\system32\wininet.dll

2012-07-12 10:29:48 ----A---- C:\windows\system32\jsproxy.dll

2012-07-12 10:29:48 ----A---- C:\windows\system32\jscript9.dll

2012-07-12 10:29:47 ----A---- C:\windows\SYSWOW64\jsproxy.dll

2012-07-12 10:29:47 ----A---- C:\windows\SYSWOW64\jscript9.dll

2012-07-12 10:29:47 ----A---- C:\windows\SYSWOW64\jscript.dll

2012-07-12 10:29:47 ----A---- C:\windows\system32\jscript.dll

2012-07-12 10:29:46 ----A---- C:\windows\SYSWOW64\mshtml.dll

2012-07-12 10:29:45 ----A---- C:\windows\system32\mshtml.dll

2012-07-12 10:29:44 ----A---- C:\windows\system32\ieframe.dll

2012-07-12 10:29:43 ----A---- C:\windows\SYSWOW64\ieframe.dll

2012-07-11 12:12:10 ----A---- C:\windows\SYSWOW64\msxml6.dll

2012-07-11 12:12:10 ----A---- C:\windows\system32\msxml6.dll

2012-07-11 12:12:09 ----A---- C:\windows\SYSWOW64\msxml3r.dll

2012-07-11 12:12:09 ----A---- C:\windows\SYSWOW64\msxml3.dll

2012-07-11 12:12:09 ----A---- C:\windows\system32\msxml3r.dll

2012-07-11 12:12:09 ----A---- C:\windows\system32\msxml3.dll

2012-07-11 12:12:08 ----A---- C:\windows\SYSWOW64\shell32.dll

2012-07-11 12:12:08 ----A---- C:\windows\system32\shell32.dll

2012-07-11 12:12:06 ----A---- C:\windows\SYSWOW64\sspicli.dll

2012-07-11 12:12:06 ----A---- C:\windows\SYSWOW64\secur32.dll

2012-07-11 12:12:06 ----A---- C:\windows\SYSWOW64\schannel.dll

2012-07-11 12:12:06 ----A---- C:\windows\SYSWOW64\ncrypt.dll

2012-07-11 12:12:06 ----A---- C:\windows\system32\schannel.dll

2012-07-11 12:12:06 ----A---- C:\windows\system32\ncrypt.dll

2012-07-11 12:12:06 ----A---- C:\windows\system32\drivers\ksecpkg.sys

2012-07-11 12:12:06 ----A---- C:\windows\system32\drivers\ksecdd.sys

2012-07-11 12:12:06 ----A---- C:\windows\system32\drivers\cng.sys

2012-07-11 12:12:04 ----A---- C:\windows\SYSWOW64\cdosys.dll

2012-07-11 12:12:04 ----A---- C:\windows\system32\cdosys.dll

2012-07-05 21:08:00 ----D---- C:\ProgramData\Toshiba Book Place

2012-06-27 21:20:10 ----SHD---- C:\windows\SYSWOW64\%APPDATA%

2012-06-23 08:04:24 ----A---- C:\windows\system32\wups2.dll

2012-06-23 08:04:24 ----A---- C:\windows\system32\wucltux.dll

2012-06-23 08:04:24 ----A---- C:\windows\system32\wuaueng.dll

2012-06-23 08:04:24 ----A---- C:\windows\system32\wuauclt.exe

2012-06-23 08:04:05 ----A---- C:\windows\system32\wups.dll

2012-06-23 08:04:05 ----A---- C:\windows\system32\wudriver.dll

2012-06-23 08:04:05 ----A---- C:\windows\system32\wuapi.dll

2012-06-23 08:03:47 ----A---- C:\windows\system32\wuwebv.dll

2012-06-23 08:03:47 ----A---- C:\windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2012-07-20 14:26:04 ----RD---- C:\Program Files

2012-07-20 14:25:56 ----D---- C:\windows\Temp

2012-07-20 14:08:35 ----D---- C:\windows\system32\drivers

2012-07-20 14:01:36 ----AD---- C:\Windows

2012-07-20 14:01:01 ----RD---- C:\Program Files (x86)

2012-07-20 12:01:23 ----D---- C:\windows\system32\config

2012-07-20 11:52:54 ----D---- C:\windows\inf

2012-07-20 11:52:54 ----AD---- C:\windows\System32

2012-07-20 11:52:54 ----A---- C:\windows\system32\PerfStringBackup.INI

2012-07-20 09:31:43 ----HD---- C:\ProgramData

2012-07-20 09:24:15 ----D---- C:\ProgramData\Tarma Installer

2012-07-20 09:24:12 ----D---- C:\windows\system32\Tasks

2012-07-20 08:53:26 ----D---- C:\Users\Marla\AppData\Roaming\SoftGrid Client

2012-07-17 12:00:43 ----SHD---- C:\windows\Installer

2012-07-17 12:00:43 ----D---- C:\Users\Marla\AppData\Roaming\TP

2012-07-16 21:25:20 ----AD---- C:\windows\system32\sysprep

2012-07-12 15:51:38 ----D---- C:\windows\winsxs

2012-07-12 15:49:15 ----D---- C:\windows\SysWOW64

2012-07-12 15:49:12 ----D---- C:\windows\SYSWOW64\migration

2012-07-12 15:49:12 ----D---- C:\Program Files (x86)\Internet Explorer

2012-07-12 15:49:10 ----D---- C:\windows\system32\migration

2012-07-12 15:49:09 ----D---- C:\Program Files\Internet Explorer

2012-07-12 12:49:09 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe

2012-07-12 10:35:18 ----D---- C:\windows\system32\catroot

2012-07-12 10:31:05 ----A---- C:\windows\system32\MRT.exe

2012-07-12 10:30:13 ----D---- C:\windows\system32\catroot2

2012-07-12 10:28:07 ----SHD---- C:\System Volume Information

2012-06-28 20:35:49 ----SD---- C:\Users\Marla\AppData\Roaming\Microsoft

2012-06-26 17:06:42 ----D---- C:\windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-05-16 451192]

R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-28 1092728]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]

R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]

R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-05-15 482936]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120522.001\IDSvia64.sys [2012-05-15 488568]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [2012-03-28 37496]

R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-28 190072]

R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-28 405624]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2011-05-26 9263104]

R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 300544]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-07-07 1576576]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 138360]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]

R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]

R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2012-05-16 175736]

R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

S3 aswMBR;aswMBR; \??\C:\Users\Marla\AppData\Local\Temp\aswMBR.sys []

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [2012-05-22 120440]

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2012-05-22 2068600]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]

S3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [2012-03-28 737912]

S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-02-15 52736]

S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2011-05-26 204288]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]

R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-09 138152]

R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-06-27 828856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-17 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

madball2012 · July 20, 2012

info.txt logfile of random's system information tool 1.09 2012-07-20 14:26:13

======Uninstall list======

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"

-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"

-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16

-->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16

-->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio

-->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16

-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801

-->C:\Program Files\TOSHIBA\TVAP\setup.exe

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -maintain plugin

Adobe Reader X MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}

Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

Apple Mobile Device Support-->MsiExec.exe /I{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly

ATI Catalyst Install Manager-->msiexec /q/x{34565B7E-F28D-BEEE-75BB-06E7659FC76F} REBOOT=ReallySuppress

Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

Catalyst Control Center - Branding-->MsiExec.exe /I{8064A378-46F4-4A4E-8AF5-153D0D4018DD}

Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}

Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}

Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.inf

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe"

Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe"

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

iTunes-->MsiExec.exe /I{CF8FFD12-602B-422D-AF1D-511B411E7632}

Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}

Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}

Microsoft Office Click-to-Run 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

Microsoft Office Click-to-Run 2010-->MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}

Microsoft Office Starter 2010 - English-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARP

ooVoo-->MsiExec.exe /X{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}

Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe"

Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"

PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}

Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe"

Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly

Realtek WLAN Driver-->C:\Program Files (x86)\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173001290E16}\Install.exe -uninst -l0x9

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe"

Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}

TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly

TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonly

Toshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}

TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Bulletin Board-->MsiExec.exe /X{C14518AF-1A0F-4D39-8011-69BAA01CD380}

TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}

TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}

TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033

TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38}

Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /X

TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}

TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonly

Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}

TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}

TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly

TOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonly

TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C}

TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly

TOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonly

TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033

TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe

TOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonly

TOSHIBA Web Camera Application-->MsiExec.exe /I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}

TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591}

TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"

Vuze Remote Toolbar-->C:\Program Files (x86)\Vuze_Remote\uninstall.exe toolbar

Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe

WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe"

WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

WMV9/VC-1 Video Playback-->MsiExec.exe /X{645C958A-F505-A126-F618-DDF4F9C3FE43}

Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe"

======System event log======

Computer Name: Marla-PC

Event Code: 10016

Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

and APPID

{9BA05972-F6A8-11CF-A442-00A0C90A8F39}

to the user Marla-PC\Marla SID (S-1-5-21-4166542326-1819161419-857915492-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Record Number: 33666

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20120617171048.000000-000

Event Type: Error

User: Marla-PC\Marla

Computer Name: Marla-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 33421

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120615053315.754051-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Marla-PC

Event Code: 37

Message: The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 6 seconds since the last report.

Record Number: 32054

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120614151359.829188-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Marla-PC

Event Code: 37

Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 6 seconds since the last report.

Record Number: 32053

Source Name: Microsoft-Windows-Kernel-Processor-Power

Time Written: 20120614151359.727182-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Marla-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 31909

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120614150856.595466-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Marla-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1507

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120516030244.222506-000

Event Type: Error

User:

Computer Name: Marla-PC

Event Code: 11

Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 964) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 1506

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20120516030236.032492-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Marla-PC

Event Code: 0

Message:

Record Number: 1496

Source Name: Toshiba App Place

Time Written: 20120516025647.000000-000

Event Type: Error

User:

Computer Name: Marla-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 1466

Source Name: Microsoft-Windows-Search

Time Written: 20120516014835.000000-000

Event Type: Warning

User:

Computer Name: Marla-PC

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 1462

Source Name: Microsoft-Windows-WMI

Time Written: 20120516014638.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Marla-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-21-4166542326-1819161419-857915492-1000

Account Name: Marla

Account Domain: Marla-PC

Logon ID: 0x3cc32

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: HTTPSC

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0387c36d70c5c8fcaceb92cc0b5720d_e963cf0d-3113-4b2e-8ffd-e20cd2a54cd5

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 53004

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120714052734.476106-000

Event Type: Audit Success

User:

Computer Name: Marla-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-21-4166542326-1819161419-857915492-1000

Account Name: Marla

Account Domain: Marla-PC

Logon ID: 0x3cc32

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: HTTPSC

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 53003

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120714052734.476106-000

Event Type: Audit Success

User:

Computer Name: Marla-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-21-4166542326-1819161419-857915492-1000

Account Name: Marla

Account Domain: Marla-PC

Logon ID: 0x3cc32

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: HTTPSC

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0387c36d70c5c8fcaceb92cc0b5720d_e963cf0d-3113-4b2e-8ffd-e20cd2a54cd5

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 53002

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120714052734.476106-000

Event Type: Audit Success

User:

Computer Name: Marla-PC

Event Code: 5061

Message: Cryptographic operation.

Subject:

Security ID: S-1-5-21-4166542326-1819161419-857915492-1000

Account Name: Marla

Account Domain: Marla-PC

Logon ID: 0x3cc32

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: RSA

Key Name: HTTPSC

Key Type: Machine key.

Cryptographic Operation:

Operation: Open Key.

Return Code: 0x0

Record Number: 53001

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120714052734.473106-000

Event Type: Audit Success

User:

Computer Name: Marla-PC

Event Code: 5058

Message: Key file operation.

Subject:

Security ID: S-1-5-21-4166542326-1819161419-857915492-1000

Account Name: Marla

Account Domain: Marla-PC

Logon ID: 0x3cc32

Cryptographic Parameters:

Provider Name: Microsoft Software Key Storage Provider

Algorithm Name: Not Available.

Key Name: HTTPSC

Key Type: Machine key.

Key File Operation Information:

File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0387c36d70c5c8fcaceb92cc0b5720d_e963cf0d-3113-4b2e-8ffd-e20cd2a54cd5

Operation: Read persisted key from file.

Return Code: 0x0

Record Number: 53000

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120714052734.473106-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=18

"PROCESSOR_IDENTIFIER"=AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0100

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

"asl.log"=Destination=file

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 25

Java version out of Date!

Google Chrome 20.0.1132.47

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

Maurice Naggar · July 21, 2012

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Maurice Naggar · July 24, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Scanned, removed, still infected

Recommended Posts

madball2012

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

madball2012

Link to post

Share on other sites

madball2012

Link to post

Share on other sites

madball2012

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information